NetBSD/src v6v6V2Nsys/net if.c if.h

   if: replace link state change queue with state transition

   if_link_queue is now a normal bitmask rather than holding a queue.
   It holds three bits to mirror the link state - UNKNOWN, DOWN and UP.
   There are also some bits to indicate that the link state has been scheduled
   for change and if it has been locked for changes (ie the interface being
   destroyed).

   The logic is simple - transitioning to DOWN will remove UNKNOWN and UP,
   transitioning to UNKNOWN will remove UP (no driver should do this).
   This means that even in the event of transitions happening faster than
   the kernel can spit them out, the correct state of the link will be
   preserved which is more important than the exact chain of events.

   This also fixes an issue where the workqueue for the link state change
   was incorrectly scheduled.

   if_link_scheduled is now unused and will be removed in a future patch.

   Fixes PR kern/60056.
VersionDeltaFile
1.537+66-113sys/net/if.c
1.310+7-2sys/net/if.h
+73-1152 files

NetBSD/pkgsrc a6yLSk6sysutils/swtpm Makefile, sysutils/swtpm/patches patch-include_sys__dependencies.h patch-src_swtpm__ioctl_tpm__ioctl.c

   swtpm: Portability, sysconfdir, and pkglint fixes.
VersionDeltaFile
1.1+22-0sysutils/swtpm/patches/patch-include_sys__dependencies.h
1.1+17-0sysutils/swtpm/patches/patch-src_swtpm__ioctl_tpm__ioctl.c
1.1+15-0sysutils/swtpm/patches/patch-include_swtpm_tpm__ioctl.h
1.1+14-0sysutils/swtpm/patches/patch-src_swtpm_check__algos.c
1.1+14-0sysutils/swtpm/patches/patch-src_swtpm_common.c
1.17+7-3sysutils/swtpm/Makefile
+89-32 files not shown
+100-78 files

NetBSD/pkgsrc D0dw90Zsysutils/libtpms Makefile distinfo, sysutils/libtpms/patches patch-src_tpm2_TpmProfile__Common.h patch-src_tpm2_RuntimeProfile.c

   libtpms: Portability fixes.

   Clean up pkglint while here.
VersionDeltaFile
1.1+15-0sysutils/libtpms/patches/patch-src_tpm2_TpmProfile__Common.h
1.1+14-0sysutils/libtpms/patches/patch-src_tpm2_RuntimeProfile.c
1.5+3-3sysutils/libtpms/Makefile
1.4+3-1sysutils/libtpms/distinfo
+35-44 files

NetBSD/pkgsrc WCpXjUlsecurity/ap24-evasive distinfo, security/ap24-evasive/patches patch-mod_evasive24.c

   ap24-evasive: fix SunOS build
VersionDeltaFile
1.2+7-5security/ap24-evasive/patches/patch-mod_evasive24.c
1.2+2-2security/ap24-evasive/distinfo
+9-72 files

NetBSD/src FUhSm6qlib/libpthread shlib_version pthread.c

   libpthread: explain why pthread__allqueue has been kept

   a bit history:

   - libpthread_dbg has been removed from base in 2017.

   - pkgsrc/devel/libpthread_dbg has been removed from pkgsrc in 2020.
     the commit message of the removal was calling it "Legacy library out
     of sync with NetBSD libpthread and without any users".
VersionDeltaFile
1.26+2-2lib/libpthread/shlib_version
1.194+1-1lib/libpthread/pthread.c
+3-32 files

NetBSD/pkgsrc 7Z8wbDbdoc CHANGES-2026

   doc: Updated textproc/rumdl to 0.1.88
VersionDeltaFile
1.2809+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 1kOFaRUtextproc/rumdl distinfo Makefile

   textproc/rumdl: update to 0.1.88

   Added

       md051,md052: handle Pandoc implicit header refs and divergent slugs (8805001)
       md042: document parser-level exclusion of Pandoc inline footnotes, example refs, and implicit header refs (6e4f7d8)
       md040: accept Pandoc {=format} raw blocks; keep {r}/{python} Quarto-only (f4e446f)
       md038: skip Pandoc inline code attribute syntax (db18bba)
       md037: skip Pandoc sub/superscripts and bracketed spans (80a2be6)
       md034: skip URLs inside Pandoc line blocks and metadata (24469fc)
       md029: skip Pandoc example-list markers under Pandoc-compatible flavor (2421618)
       pandoc: add is_pandoc_raw_block_lang helper (60fb48f)
       pandoc: detect multi-line tables (52c242a)
       pandoc: detect grid tables (f331d65)
       pandoc: detect multi-block YAML metadata (0869d66)
       pandoc: detect pipe-table captions (44a20aa)
       pandoc: detect line blocks (8f9590a)
       pandoc: detect bracketed spans (0023c4a)
       pandoc: detect inline code attribute syntax (0cced5f)

    [21 lines not shown]
VersionDeltaFile
1.27+4-4textproc/rumdl/distinfo
1.29+2-2textproc/rumdl/Makefile
+6-62 files

NetBSD/pkgsrc XZ3dVzldoc CHANGES-2026

   doc: Updated devel/mise to 2026.5.0
VersionDeltaFile
1.2808+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc o0Zj7u7devel/mise distinfo cargo-depends.mk

   devel/mise: update to 2025.5.0

   2026.5.0 - 2026-05-03
   🚀 Features

       (conda) graduate conda backend out of experimental by @jdx in #9544
       (deps) Add dart and flutter providers by @tjarvstrand in #9505
       (registry) add neo4j by @mnm364 in #9525
       (registry) add rustfs by @mnm364 in #9530
       (task) support exclusion patterns in task sources by @jlarmstrongiv in #9496
       (vfox) add stat function to lua file module by @esteve in #9497

   🐛 Bug Fixes

       (backend) flag regex prerelease versions by @jdx in #9500
       (backend) mark -nightly/-canary/-experimental as prereleases by @jdx in #9523
       (backend) suppress no-versions warning for unresolved-latest backends by @jdx in #9548
       (backend) include dotnet prereleases from package flags by @jdx in #9551
       (backend) scope PEP 440 prerelease detection to Python backends by @jdx in #9558

    [73 lines not shown]
VersionDeltaFile
1.109+34-34devel/mise/distinfo
1.108+10-10devel/mise/cargo-depends.mk
1.114+2-2devel/mise/Makefile
+46-463 files

NetBSD/pkgsrc H1s5vmSdoc pkg-vulnerabilities

   eilmeldung-1.5.0: no longer affected
VersionDeltaFile
1.761+2-2doc/pkg-vulnerabilities
+2-21 files

NetBSD/pkgsrc WikJIo7doc CHANGES-2026

   doc: Updated news/eilmeldung to 1.5.0
VersionDeltaFile
1.2807+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc qsPiupenews/eilmeldung distinfo cargo-depends.mk

   news/eilmeldung: update to 1.5.0

   1.5.0 - 2026-05-04

   🪟 Windows is now supported!

       Download the release Windows binary or use scoop to install

   scoop bucket add eilmeldung https://github.com/christo-auer/eilmeldung
   scoop install eilmeldung

       eilmeldung should run well using Windows Terminal with a NerdFont-patched font
       Thanks to @azinsharaf for the initial research, support and testing and to @jangernert for the quick release of a new news-flash version!
       Naturally the Windows port is not yet tested as well as the Linux or macOS versions. So please report any bugs you may encounter!
VersionDeltaFile
1.3+163-196news/eilmeldung/distinfo
1.3+53-64news/eilmeldung/cargo-depends.mk
1.3+4-4news/eilmeldung/Makefile
+220-2643 files

NetBSD/pkgsrc bvxqOQidoc CHANGES-2026

   doc: Updated net/xfr to 0.9.14
VersionDeltaFile
1.2806+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc gwiJTBLnet/xfr distinfo Makefile

   net/xfr: update to 0.9.14

   ## [0.9.14] - 2026-05-03

   ### Fixed
   - **Live UDP loss counter no longer stalls under upload-mode saturation** (issue #70 final fix) — v0.9.13's `TCP_NODELAY` partially addressed the bug but brettowe's retest showed 8 subsequent intervals still bunched at one end-of-test client-side timestamp. Root cause was `tokio::time::interval` defaulting to `MissedTickBehavior::Burst` on the server's stats sampling timer: when `writer.write_all()` stalled under the back-pressure that the saturated UDP uplink induces on TCP control, missed ticks accumulated and fired as a burst when the writer unblocked, producing stale interval samples with fresh client-side arrival timestamps and misleading throughput numbers. `Skip` now drops the stale ticks; cumulative state in `StreamStats` atomics still surfaces correctly on the next live tick and at end-of-test. Applied unconditionally on both `run_test` interval-loop sites; benefits even pre-v0.9.14 clients pairing with a v0.9.14 server.
   - **`--omit` no longer folds hidden UDP loss into the first visible interval** — the new cumulative-loss tracker added below was advancing its cache on every progress arrival, but the printed-line baseline only advanced when a line printed. With `--omit 3`, the first visible interval would report all loss accumulated during seconds 0-3 as one jumbo delta, defeating the purpose of `--omit`. The baseline now advances during the omit window so visible lines reflect only loss observed during printed intervals.

   ### Added
   - **UDP receiver feedback (`udp_feedback_v1` capability)** (issue #70 final fix) — when both peers advertise the capability, the server now emits a 36-byte cumulative `(packets_received, packets_lost)` UDP packet back to the client at 2 Hz on the same data socket, sidestepping the TCP control channel for live UDP loss reporting. Wire format: `b"XFRF"` magic + version + kind + flags + `stream_id` + reserved + `elapsed_ms` + cumulative `packets_received` + cumulative `packets_lost`, all big-endian, fixed 36 bytes. Length-first demux at receive sites distinguishes feedback from data packets without inspecting sequence-number bits. Cumulative-not-delta semantics let the client recover from any dropped feedback packet without needing the lost intermediate state. Capability negotiation gates emission so older clients (which wouldn't know to listen) never see a packet they don't understand.
   - **Producer-side monotonic-denominator filter on the client** — both the TCP control `udp_progress` decode site and the UDP feedback aggregator funnel updates through `UdpProgressFilter::apply`, which admits only readings whose `(received + lost)` denominator is at-least-as-fresh as anything we've seen before. Atomic CAS via `fetch_update` so two producers cannot race a stale store after a fresh one. Applies in addition to TUI display: plain text, CSV, and JSON-stream output use the cached cumulative as the source of truth for the per-line `lost` field, so the freshest reading from either source flows through to scripted consumers, not just the TUI live counter.
   - **Live UDP loss in non-TUI output paths** — `--no-tui --json-stream` / `--csv` / plain interval output now reflects the freshest `udp_progress` from either TCP control or UDP feedback. Previously these consumers used per-stream `streams[].lost` from the most recent TCP `Interval` only, which under control-channel stalls could be several seconds stale. Falls back to the per-stream sum for sessions where `udp_progress` is never sent (paired with a pre-0.9.11 server, or non-UDP tests).
   - **Docker repro harness for issue #70** (`docker/Dockerfile.repro`, `docker/repro-issue-70.sh`, `docker/README.md`) — multi-stage build with the current branch and the released v0.9.13 baseline side-by-side. `docker run --rm --cap-add=NET_ADMIN xfr-repro` runs hard assertions on the new build (max bunch ≤ 2, time-to-first-loss < 5s, live mid-run loss observed); `--baseline` prints diagnostics for narrative comparison without gating on a threshold. Stays out of CI — the existing 2× oversubscription `control-channel-skew` job remains the regression floor; the harness is for human-driven A/B at brettowe's 10× recipe before publishing.

   ### Changed
   - **`TestProgress` schema (pre-1.0 break)** — adds `udp_feedback_only: bool` so consumers can distinguish a feedback-only update (only `udp_progress` carries truth; everything else is sentinel/None) from a full TCP `Interval` update. Three consumers handle the partial variant: `App::on_progress` early-returns after updating UDP loss state and preserves all other field values; `main.rs` print loop skips feedback-only entries entirely (the cumulative cache picks up the freshness for the next full interval); cross-version compat test path adopts the new field.
   - **Server bidir mode no longer emits UDP feedback** — feedback is upload-mode-only by design. Bidir's server-side recv half was passing `client_supports_udp_feedback` through to `receive_udp` even though the client's bidir recv has no consumer for those packets; emission was pure overhead on the return path. Bidir always passes `false` now.
   - **`receive_udp` skips feedback packets in `bytes_received` accounting** — the length-first demux previously rejected feedback before the data path but bumped `bytes_received` first. With server bidir gating that's a moot path post-fix, but defense-in-depth: feedback bytes never count toward `bytes_received`, which tracks test-data wire bandwidth.
   - **Capability list factored into a single `SUPPORTED_CAPABILITIES` const** — `client_hello`, `server_hello`, and `server_hello_with_auth` previously each had a duplicated `Vec<String>` literal. Future capability additions now touch one line. New `capability_advertised(&capabilities, name)` helper centralizes the matcher used at both negotiation sites.

    [23 lines not shown]
VersionDeltaFile
1.12+10-10net/xfr/distinfo
1.12+2-2net/xfr/Makefile
1.12+2-2net/xfr/cargo-depends.mk
+14-143 files

NetBSD/pkgsrc GqwAK3wdoc CHANGES-2026

   doc: Updated databases/ruby-sequel to 5.104.0
VersionDeltaFile
1.2805+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 9pLSX8Wdatabases/ruby-sequel distinfo Makefile

   databases/ruby-sequel: update to 5.104.0

   5.104.0 (2026-05-01)

   * Support :lateral_subquery as a filter by associations limit strategy in
     the dataset associations plugin (jeremyevans)

   * Support :lateral_subquery as an eager limit strategy for
     many_through_many/one_through_many associations (jeremyevans)

   * Support :lateral_subquery as a filter by associations limit strategy for
     many_through_many/one_through_many associations (jeremyevans)

   * Support :lateral_subquery as an eager_graph limit strategy for
     many_through_many/one_through_many associations (jeremyevans)

   * Support :lateral_subquery as an eager limit strategy for
     many_to_many/one_through_one associations (jeremyevans)


    [14 lines not shown]
VersionDeltaFile
1.145+4-4databases/ruby-sequel/distinfo
1.146+2-2databases/ruby-sequel/Makefile
+6-62 files

NetBSD/pkgsrc MHFNTAYdoc CHANGES-2026

   doc: Updated archivers/ruby-zip to 3.3.0
VersionDeltaFile
1.2804+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 4Wr4fs1archivers/ruby-zip distinfo Makefile

   archivers/ruby-zip: update to 3.3.0

   3.3.0 (2026-05-02)

   * Refactor InputStream and AbstractInputStream. #661

   Tooling/internal:

   * Update Actions to use checkout at v5.
   * Add Ruby4.0 to the CI matrix. #659
VersionDeltaFile
1.24+4-4archivers/ruby-zip/distinfo
1.25+2-2archivers/ruby-zip/Makefile
+6-62 files

NetBSD/src uakwxHNlib/libpthread pthread.c pthread_int.h

   libpthread: fix pthread_main_np

   the previous implementation was incorrect as pthread_t
   of the main thread can be recycled via pthread__deadqueue.

   with this changes, my test program [1] produces the same
   result as macOS.

   [1] https://github.com/yamt/garbage/tree/a24535e948dc62dde4c67366db97377e53d92e7b/c/pthread_main_np

   an alternative fix would be to stop recycling the main thread
   by simply leaking it. the leak is ok because, after all, it's
   very rare for applications to continue after its main thread
   exits. such applications don't even work as intended on some
   of pthread implementations in the wild. for now, i'd go with
   a more straightforward implementation though. ie. this commit.
VersionDeltaFile
1.193+9-7lib/libpthread/pthread.c
1.115+2-1lib/libpthread/pthread_int.h
+11-82 files

NetBSD/pkgsrc-wip dc78a00webkit-gtk60 distinfo, webkit-gtk60/patches patch-Source_WTF_wtf_glib_FileSystemGlib.cpp

webkit-gtk60: add upstream pull request URL
DeltaFile
+1-1webkit-gtk60/distinfo
+1-0webkit-gtk60/patches/patch-Source_WTF_wtf_glib_FileSystemGlib.cpp
+2-12 files

NetBSD/pkgsrc-wip 86b151awebkit-gtk60 Makefile distinfo, webkit-gtk60/patches patch-Source_WTF_wtf_glib_FileSystemGlib.cpp

webkit-gtk60: update patch after review comments

Fix PKGCONFIG_OVERRIDE while here
DeltaFile
+23-12webkit-gtk60/patches/patch-Source_WTF_wtf_glib_FileSystemGlib.cpp
+5-2webkit-gtk60/Makefile
+1-1webkit-gtk60/distinfo
+29-153 files

NetBSD/src ydzxCYFsys/fs/cd9660 cd9660_rrip.c

   cd9660: make sure that NM records are at least 5 bytes long.

   avoids an integer underflow when this length has 5 subtracted from it
   for a later path.

   Reported by Adam Crosser, Praetorian
VersionDeltaFile
1.19+8-2sys/fs/cd9660/cd9660_rrip.c
+8-21 files

NetBSD/src rlRx7Eysys/arch/arc/stand/boot Makefile

   swap libz and libkern so that libz finds __moddi3().
VersionDeltaFile
1.20+2-2sys/arch/arc/stand/boot/Makefile
+2-21 files

NetBSD/src ZDl9qVIsys/arch/amiga/stand/bootblock/boot Makefile

   fix linking x.out by including moddi3.o (new libz needs it.)
VersionDeltaFile
1.64+2-2sys/arch/amiga/stand/bootblock/boot/Makefile
+2-21 files

NetBSD/pkgsrc S83wWzBdoc CHANGES-2026

   Updated www/py-nbconvert, www/py-jupyter-lsp
VersionDeltaFile
1.2803+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc u33Zr6Nwww/py-jupyter-lsp distinfo Makefile

   py-jupyter-lsp: updated to 2.3.1

   2.3.1
   Bug fixes
VersionDeltaFile
1.8+4-4www/py-jupyter-lsp/distinfo
1.13+2-2www/py-jupyter-lsp/Makefile
+6-62 files

NetBSD/pkgsrc 9SrgmaRwww/py-nbconvert distinfo Makefile

   py-nbconvert: updated to 7.17.1

   7.17.1

   This is a security release, fixing two CVEs:

   - [CVE-2026-39377](https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg)
   - [CVE-2026-39378](https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9)

   (full advisories will be published seven days after release, on 2026-04-14).

   Enhancements made

   - Allow configureable WebPDF JavaScript processing timeout

   Bugs fixed

   - Fix `PermissionError` when checking template paths on shared filesystems
   - Tweak webpdf template logic to fix duplicate extension problem
VersionDeltaFile
1.32+4-4www/py-nbconvert/distinfo
1.42+2-2www/py-nbconvert/Makefile
+6-62 files

NetBSD/pkgsrc VAPylR0doc CHANGES-2026

   doc: Updated mail/neomutt to 20260504
VersionDeltaFile
1.2802+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc OGkrVSjmail/neomutt Makefile distinfo

   neomutt: update to 20260504.

   2026-05-04  Richard Russon  \<rich at flatcap.org\>
   * Security
     - Fix GSSAPI buffer underflow on short unwrapped tokens
     - Reject percent-encoded NUL bytes in URL decoding
     - Skip CN fallback when SAN dNSName entries exist (RFC6125)
     - Cap POP3 UIDL responses to prevent OOM from a malicious server
     - Harden POP host URL copy
   * Bug Fixes
     - #4836 imap: fix memory leak in `msg_parse_flags`
     - #4849 Fix memmove in `mutt_str_expand_tabs`
     - #4850 IMAP: enhance stability with re-entrancy protection and reconnection fixes
     - #4852 Say which mailcap field we are looking for
     - #4853 Don't overwrite content_type
     - pager: fix crash on `uncolor *`
     - pager: fix wrong line index in signature syntax realloc
     - pager: fix OOB read on short log lines in `display_line()`
     - pager: fix off-by-one in newline restoration

    [5 lines not shown]
VersionDeltaFile
1.121+3-6mail/neomutt/Makefile
1.92+4-4mail/neomutt/distinfo
+7-102 files

NetBSD/pkgsrc EYxgpqXdoc CHANGES-2026

   doc: Note remove of www/ruby-rails61 and related pacakges.

        www/ruby-rails61
        textproc/ruby-actiontext61
        devel/ruby-railties61
        www/ruby-actioncable61
        mail/ruby-actionmailbox61
        mail/ruby-actionmailer61
        devel/ruby-activestorage61
        databases/ruby-activerecord61
        www/ruby-actionpack61
        www/ruby-actionview61
        devel/ruby-activejob61
        devel/ruby-activemodel61
        devel/ruby-activesupport61
VersionDeltaFile
1.2801+14-1doc/CHANGES-2026
+14-11 files